In Ubuntu 18.04, I start Clementine Music Player, but no window is coming up. But once I start Clementine another time, it comes up.
This is not a bug, it is a setting. So this is what you want:
Tools -> Preferences -> Behaviour -> When Clementine starts -> Always show the main window
No, you are not alone, it is you, me, and a bunch of other people.
When using the official third-party repository of mono in Debian, unattended Upgrades will not upgrade the mono packages unless you allow the origin. To do so, edit your /etc/apt/apt.conf.d/50unattended-upgrades , which may look like this:
Unattended-Upgrade::Origins-Pattern {
"o=Debian,n=${distro_codename}";
"o=Debian,n=${distro_codename}-updates";
"o=Debian,n=${distro_codename}-proposed-updates";
"o=Debian,n=${distro_codename},l=Debian-Security";
};
To also update mono packages on Debian Stretch, add XamarinStretch as Origin:
Unattended-Upgrade::Origins-Pattern {
"o=Debian,n=${distro_codename}";
"o=Debian,n=${distro_codename}-updates";
"o=Debian,n=${distro_codename}-proposed-updates";
"o=Debian,n=${distro_codename},l=Debian-Security";
"o=XamarinStretch";
};
If you use another Debian version or Distribution, like Jessie or Ubuntu, search for the file /var/lib/apt/lists/download.mono-project.com_repo_*_InRelease and check the “Origin: ” line and adjust the origin in the config file accordingly.
If you find that the Origin of the packages in the repository is not given, then you can also tell unattended upgrade to select them based on the given site. For example, this works for the packages from sury.org:
"site=packages.sury.org";
The packages.icinga.com Repository has the Origin “debian icinga-stretch”, so this is what you need to add to /etc/apt/apt.conf.d/50unattended-upgrades:
"o=debian icinga-${distro_codename}";
To test if it works, you can run unattended updates manually like this (as root or with sudo):
unattended-upgrade -d
If this made your day or you still have problems, just drop a comment.
You have some service, e.g. webmin, that should not be accessible to the public and block access with iptables? And sometimes you connect from a client that is not yet whitelisted in iptables, and always need to look up its IP and add an iptables rule by ssh. Here is a small shell one-liner that makes your life easier:
iptables -I INPUT -p tcp -s `echo $SSH_CLIENT | awk '{ print $1}'` --dport 10000 -j ACCEPT
This just adds an accept rule to iptables that accepts requests from the IP address of the ssh client to port 10000. Of course, you need to adjust the port. You can just paste this in a bash-script, add a bash alias for it or whatever you want to access it fast.
To remove the iptables rule, just replace -I with -D:
iptables -D INPUT -p tcp -s `echo $SSH_CLIENT | awk '{ print $1}'` --dport 10000 -j ACCEPT
You can create one script or shell alias or for each one for easy access.
If this made your day, just leave a comment.
When still using Debian Wheezy, I configured my spamassasin service to run at a nice level of 10 so it does not slow down apache, mysql, php etc. To do so, I noticed in /etc/init.d/spamassasin a parameter called NICE with a comment saying I should not touch this and instead, go into /etc/default/spamassassin. So I adjusted this file, and on my Debian Stretch, it still looks like this:
# /etc/default/spamassassin # Duncan Findlay # WARNING: please read README.spamd before using. # There may be security risks. # Change to one to enable spamd ENABLED=1 # Options # See man spamd for possible options. The -d option is automatically added. # SpamAssassin uses a preforking model, so be careful! You need to # make sure --max-children is not set to anything higher than 5, # unless you know what you're doing. OPTIONS="--create-prefs --max-children 5 --helper-home-dir" # Pid file # Where should spamd write its PID to file? If you use the -u or # --username option above, this needs to be writable by that user. # Otherwise, the init script will not be able to shut spamd down. PIDFILE="/var/run/spamd.pid" # Set nice level of spamd NICE="--nicelevel 10" # Cronjob # Set to anything but 0 to enable the cron job to automatically update # spamassassin's rules on a nightly basis CRON=1
This had worked well on Debian Wheezy. Now I noticed that on Debian Stretch, the spamassasin service is running with a nice level of 0, so basically this has no effect. This is because Debian now uses systemd and these init.d files are magically transformed into systemd units and there, the nice level cannot be adjusted like this. The complete story is a lot longer and complex, but I don’t want to bother you here.
First, check the location of the unit file of your service. To do so, run:
systemctl status spamassassin.service
It will output something like:
● spamassassin.service - Perl-based spam filter using text analysis
Loaded: loaded (/etc/systemd/system/spamassassin.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2018-07-17 16:07:26 CEST; 19min ago
Main PID: 946 (/usr/sbin/spamd)
Tasks: 3 (limit: 4915)
CGroup: /system.slice/spamassassin.service
├─946 /usr/sbin/spamd -d --pidfile=/var/run/spamd.pid --create-prefs --max-children 5 --helper-home-dir
├─949 spamd child
└─950 spamd child
Jul 17 16:07:23 systemd[1]: Starting Perl-based spam filter using text analysis...
Jul 17 16:07:26 systemd[1]: Started Perl-based spam filter using text analysis.
In the line “Loaded”, it gives the location of the unit file, in this case:
/etc/systemd/system/spamassassin.service
In your case, it is probably:
/lib/systemd/system/spamassassin.service
If it gives the path to /etc/init.d/ and says “generated” under loaded, as it does e.g. for amavisd-new, then you will probably find the unit file automatically generated by systemd-sysv-generator in one of these paths:
/run/systemd/generator.late
/run/systemd/generator.early
/run/systemd/generator
If your unit file is not already in etc, copy the file from where it is now to /etc, e.g. like this:
cp /lib/systemd/system/spamassassin.service /etc/systemd/system/
If your file is already in /etc, then just go ahead and edit this.
Now open the file /etc/systemd/system/spamassassin.service – it will look like this:
[Unit] Description=Perl-based spam filter using text analysis After=syslog.target network.target [Service] Type=forking PIDFile=/var/run/spamd.pid EnvironmentFile=-/etc/default/spamassassin ExecStart=/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid $OPTIONS ExecReload=/bin/kill -HUP $MAINPID StandardOutput=null StandardError=null Restart=always [Install] WantedBy=multi-user.target
Now adjust it so after [Service] and before [Install], it sets the nice level like this:
[Unit] Description=Perl-based spam filter using text analysis After=syslog.target network.target [Service] Type=forking PIDFile=/var/run/spamd.pid EnvironmentFile=-/etc/default/spamassassin ExecStart=/usr/sbin/spamd -d --pidfile=/var/run/spamd.pid $OPTIONS ExecReload=/bin/kill -HUP $MAINPID StandardOutput=null StandardError=null Restart=always Nice=10 [Install] WantedBy=multi-user.target
Now reload the systemd-daemon:
systemctl daemon-reload
And restart your service:
systemctl restart spamassassin.service
Now check the nice level of your spamd processes, it should be 10 now.
If this made your day or you still have problems, please let me know in the comments.
You are trying to catch an Exception like this and it never gets caught?
<?php
try {
// whatever you do here
// probably, you use some library
} catch(Exception $e) {
// this never works
}
?>
Most likely, your app is in some namespace. This means with the above code you only catch exceptions of the namespace of your app, not any exception. The solution is easy, just add a backslash:
try {
// whatever
} catch(\Exception $e) {
// this should work
// note the backslash!
}
Hope this helps somebody.
Paypal allows you to transfer money to your friends and family. To do so, you just need the email or phone number of the recipient. I just did this and noticed something interesting: I just gave the email address of the recipient, but in the list of transactions, paypal shows the full real name of my friend as recipient, and also sent me a mail that contains the full name. This means, you can easily find out the real name assigned to some mail address that is used as a paypal account by just sending a cent to the address. Of course the recipient will notice it, but probably will not complain.
This is especially interesting as paypal itself says in the footer of every email that scam mails will usually not include your real name. But scammers could first send you a cent to find out your real name and then greet you with your real name in the scam mail.
It seems to be a good idea to use an email address for paypal that you use nowhere else. This way, it is not possible to find out your real name through your normal mail address. Additionally, this has the advantage that you can ignore any phishing mail that you receive in the name of paypal, but through your normal mail address and not your paypal mail address.
You use Putty to tunnel some port through SSH to a foreign network but manually starting it again and again annoys you and the window gets in the way? Here is your solution. It requires admin rights and is tested on Windows 7 Professional only. Please let us know in the comments whether it works the same in your windows version.
Let me know if this saved your day and what you are using it for. I am using this to create an SSH tunnel for Sophos Endpoint Security and Control to fetch its updates from a server that is only accessible from an internal network.
Just wanted to upgrade a Zimbra server from 8.7.3 to 8.7.5. The upgrade always asks you whether to check database integrity. Even it was only a minor upgrade, I chose yes to be on the safe side. And it turned out the MySQL DB was indeed corrupt.
I had seen corrupt zimbra dbs a lot and the “MySQL crash recovery” guide in the zimbra wiki always helped out. But not this time.
I tried the crash recovery as explained in the wiki. When doing dumps, four mboxgroup-databases always failed because the index open_conversation of the table open_conversation was corrupt. As the guide explains, I increased innodb_force_recovery step by step from 1 to the maximum 6, but the error did not go away.
So here is what helped:
Dumped mboxgroup8 mysqldump: Error 1712: Index open_conversation is corrupted when dumping table `open_conversation` at row: 0 Dumped mboxgroup9
This means that mboxgroup9 (not 8!) is corrupt. Write down all the mboxgroup numbers where an error appeared.
su zimbra
mysql.server restart
source ~/bin/zmshutil ; zmsetvars
mysql -u root --password=$mysql_root_password
USE mboxgroup9;
OPTIMIZE TABLE open_conversation;
Note: If this fails, check if you really removed innodb_force_recovery from the my.cnf!
exit;
rm -R /tmp/mysql.db.list /tmp/mysql.sql/
Please let me know if this helped you or if you have some additions.
I still think greylisting with postgrey is very effective against spam. But now and then, mail from some senders get delayed for hours. This especially is the case for big mail service providers like Amazon SES, Microsoft Exchange Online Protection or Mailchimp. These providers have lots of servers and IP-addresses and the first attempt to deliver an email usually comes from a different server than the second. Thus, postgrey will not find a matching triplet and block the second attempt again. This will continue until one of the mail servers tried twice and postgrey found a matching tripled. This might take hours and thus cause significant delay of mails.
Therefore, if you want to use postgrey without delaying lots of mail for several hours, you need to whitelist these big email services with many servers. As new services come up and others go, you need some way to find out which servers try to send mail to your server and frequently get denied because no triplet is found.
To get an idea of what is happening and which servers might need whitelisting, I wrote a small command that analyzes your mail.log-files. Here it is:
grep -ohP 'reason=new, client_name=[^,.]+\.[^,.]+\.\K[^,.]+\.[^,]+' /var/log/mail.log* | sort | uniq -c | sort -nr | less
So what does this do?
It scans your /var/log/mail.log* files for occurrences containing reason=new, which is what postgrey logs when no triplet was found. It then takes the domain of the server that is trying to send the mail to you, stripping the first subdomain, as this might vary from server to server that the mail service provider uses. It then sorts, counts and orders the result.
The result of this command might look like this (stripped after some lines):
579 protection.outlook.com
503 eu-west-1.amazonses.com
113 facebook.com
54 mcsv.net
52 rsgsv.net
48 mcdlv.net
28 amazonses.com
17 asianet.co.th
You should check especially all the lines that have a lot of occurrences. They might be domains from big email service providers that need whitelisting for the reasons explained above. For example, the mail from protection.outlook.com and amazonses.com is mail sent by customers of these mail providers that usually is not spam. Especially, the mail servers of these providers do retry delivery lots of times, so greylisting would not block spam anyway, it would just cause significant delays. So these domains should be whitelisted.
But the domains in this list might also only be domains that are used by an ISP for dynamic IP addresses that are actually sending spam. For example, asianet.co.th seems to be a big ISP from Thailand and multiple dynamic IP-addresses from this ISP tried to send spam, resulting in 17 occurrences where no triplet was found. This is mail that you want to be blocked/delayed.
Once you decided which domains you want to whitelist, you can do so by adding them in your whitelist-file (on Debian this is usually /etc/postgrey/whitelist_clients).
The entries should look like this:
/.*\.protection\.outlook\.com$/ /.*\.amazonses\.com$/ /.*\.facebook\.com$/ /.*\.booking\.com$/ /.*\.mcsv\.net$/ /.*\.rsgsv\.net$/ /.*\.mcdlv\.net$/ /.*\.mandrillapp\.com$/
Note: You should escape all dots with a backslash, as done in the example. Otherwise, a dot matches any character, so protection.outlook.com would also whitelist protectionAoutlook.com, which might be a domain that spammers register on purpose to get through servers that use inaccurate whitelists.
You could run the above command from time to time to check if new services need whitelisting. But it would be more easy, if you get notified when a new domain pops up in this list that you have not checked yet, right?
Therefore, I wrote a small nagios/icinga plugin that checks if any new domains appear on this list. It is a bit quick and dirty but does its job.
The main part is a bash script, that you could place in /usr/lib/nagios/plugins/check_postgrey_whitelist :
#!/bin/bash
log='/var/log/mail.log.1'
ignoreFile='/etc/nagios-plugins/postgrey_no_whitelist'
hosts=`grep -ohP 'reason=(new|early-retry[^,]*), client_name=[^,.]+\.[^,.]+\.\K[^,.]+(\.co|\.com)\.?[^,]+' $log | sort | uniq -c | awk '$1>=15{print $2}' | sort`;
noWhitelist=`cat $ignoreFile | sort`;
diff=`comm -23 <(echo "$hosts") <(echo "$noWhitelist") | sed ':a;N;$!ba;s/\n/ /g'`;
OK=0;
WARNING=1;
CRITICAL=2;
UNKNOWN=3;
if [ -z "$diff" ]; then
echo "Okay, the top domains are whitelisted or ignored";
exit $OK;
else
echo "Whitelist or ignore these senders: $diff";
exit $WARNING;
fi
This script ignores all domains listed in /etc/nagios-plugins/postgrey_no_whitelist (one per line), assuming you checked that you do not want to whitelist these. So create this file as well and put the domains in that you checked and do not want to whitelist:
asianet.co.th example.com
Now we need to define the command for this plugin:
Create the configuration where your other plugins are defined, e.g. /etc/nagios-plugins/config/postgrey_whitelist.cfg
define command {
command_name check_postgrey_whitelist
command_line /usr/lib/nagios/plugins/check_postgrey_whitelist
}
Now you need to create a service for your localhost that runs this command.
In your localhost service definition, e.g. /etc/icinga/objects/localhost_icinga.cfg , add this:
define service{
use generic-service
host_name localhost
service_description Postgrey Whitelist
check_command check_postgrey_whitelist
}
Finally, make sure that nagios/icinga has read-access to your mail-logfile. You can adjust which file to check in the script above, I chose mail.log.1. So you might chown this file to the nagios user like this:
chown nagios:adm mail.log.1
Of course logrotation needs to know that new rotated files should have this owner. On a debian system, you can configure logrotate to do so in /etc/logrotate.d/rsyslog. Adjust it similar to this one:
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
invoke-rc.d rsyslog rotate > /dev/null
endscript
}
/var/log/mail.log
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
create 440 nagios adm
postrotate
invoke-rc.d rsyslog rotate > /dev/null
endscript
}
So I removed the mail.log from the first logrotate definition and created a new one below which is exactly the same but contains an extra line create 440 nagios adm to tell logrotate which user and permission to assign the logfiles to.
You might need to adjust some stuff depending on your distro, but I hope this helps somebody to set this up.
Update 06.03.2017: Adjusted script so it does not consider second-level domains like co.uk or com.br as single senders anymore.